Webhooks: tighten pre-auth body handling (#46802)

* Webhooks: tighten pre-auth body handling * Webhooks: clean up request body guards
2026-05-02 17:10:22 +00:00 · 2026-03-15 09:45:18 -07:00
parent 7679eb3752
commit 5e78c8bc95
8 changed files with 64 additions and 24 deletions
--- a/extensions/googlechat/src/monitor-webhook.ts
+++ b/extensions/googlechat/src/monitor-webhook.ts
@@ -21,6 +21,9 @@ function extractBearerToken(header: unknown): string {
    : "";
 }

+const ADD_ON_PREAUTH_MAX_BYTES = 16 * 1024;
+const ADD_ON_PREAUTH_TIMEOUT_MS = 3_000;
+
 type ParsedGoogleChatInboundPayload =
  | { ok: true; event: GoogleChatEvent; addOnBearerToken: string }
  | { ok: false };
@@ -112,6 +115,12 @@ export function createGoogleChatWebhookRequestHandler(params: {
            req,
            res,
            profile,
+            ...(profile === "pre-auth"
+              ? {
+                  maxBytes: ADD_ON_PREAUTH_MAX_BYTES,
+                  timeoutMs: ADD_ON_PREAUTH_TIMEOUT_MS,
+                }
+              : {}),
            emptyObjectOnEmpty: false,
            invalidJsonMessage: "invalid payload",
          });